maria-developers team mailing list archive

Thread
Date

Re: [Commits] 97037da: Replace static usage of AES_CTR with current encryption algorithm.

To: maria-developers@xxxxxxxxxxxxxxxxxxx
From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
Date: Tue, 17 Mar 2015 19:42:10 +0100
In-reply-to: <CA+DE=MmcOa6RYt8w+3vAFYbsySUFHmk7qMWmPHVJrj0drUuWxA@mail.gmail.com>
Openpgp: id=7F780279; url=http://arrakis.thelounge.net/gpg/h.reindl_thelounge.net.pub.txt
Organization: the lounge interactive design
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0

Hi

Am 17.03.2015 um 19:18 schrieb Jeremy Cole:

But the whole encryption_algorithm stuff seems not well thought out in
any case


there was a recent thread on the orcle list today
it's sad that ECHDE / AES-GCM / SHA256 are not working at all

currently only DHE-RSA-AES128-SHA / DHE-RSA-AES256-SHA are working withforward secrecy at all while CBC instead GCM should be avoided beausesecurity as well as performance on modern CPU's

ssl-cipher =ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:RSA-AES256-SHA

Attachment: signature.asc
Description: OpenPGP digital signature

References

Re: [Commits] 97037da: Replace static usage of AES_CTR with current encryption algorithm.
From: Jeremy Cole, 2015-03-17
Re: [Commits] 97037da: Replace static usage of AES_CTR with current encryption algorithm.
From: Jeremy Cole, 2015-03-17